Spyware tools spread to cybercriminals, targeting iPhones

Advanced iPhone hacking tools once used by governments are now in criminal hands.

cybersecurity breach and data hacker attack on laptop screen.identity theft and password scam concept in black and white.business woman hand typing on computer with security threat alert. — Source: Thawatchai Chawong / Getty

New research reveals that powerful spyware tools once reserved for government and law enforcement use are now being adopted by cybercriminal groups to target iPhones. Investigators from Google, iVerify and Lookout recently uncovered two major hacking campaigns exploiting iOS vulnerabilities.

One toolkit, known as Coruna, was originally developed for a government client but later obtained by a Chinese cybercriminal group. It was deployed through fake cryptocurrency and financial websites, allowing hackers to infect iPhones without any user interaction. A second tool, DarkSword, linked to a Russian-based group, used “watering hole” attacks by compromising legitimate websites—particularly Ukrainian news and government sites—to infect visitors’ devices.

Once installed, DarkSword can extract extensive personal data, including messages from apps like iMessage, WhatsApp and Telegram, as well as contacts, location data and browsing history. Researchers warn that parts of the code were left exposed, making it easier for less sophisticated hackers to reuse the technology.

Although Apple has patched the vulnerabilities and deployed additional protections, experts say the spread of these tools significantly lowers the barrier to entry for advanced cyberattacks. As a result, everyday iPhone users—not just high-profile targets—may now face increased risk, with limited ability to detect infections.

Former FBI special agent Cory Grass shares his expertise on the dangers of spyware and cyber threats, and how they’re affecting individuals and national security: